Difference between revisions of "Consents"

From Privacy-Now
Jump to: navigation, search
(Consents Management)
Line 184: Line 184:
 
  Date_Time_Newsletter:12-10-2018 10:14:50
 
  Date_Time_Newsletter:12-10-2018 10:14:50
  
=== Bulk import of consent records ===
+
== Bulk operations of consent record ==
Privacy Now® allows the bulk import of ''consent'' from <b>''Consents\Import Consents from xlsx''</b>.
+
Privacy Now® allows the bulk management of ''consent'' from <b>''Consents\Manage Consents from xlsx''</b>.
 +
 
 +
=== Import/Update of Consents ===
  
 
[[File:Consent bulk import - xlsx example.jpg|centre|thumb|800x800px|Consents bulk import.]]
 
[[File:Consent bulk import - xlsx example.jpg|centre|thumb|800x800px|Consents bulk import.]]
Line 231: Line 233:
 
|}
 
|}
  
== Removal of consents ==
+
=== Removal of consents ===
  
=== Removal of single consent records ===
+
A ''consent'' can be removed individually from Application Settings.
  
=== Bulk removal of consent records ===
+
=== Update consents in Wrong Email status ===
  
 
TBC
 
TBC

Revision as of 12:37, 17 October 2018

Introduction to Consents

Consents management provide the mean to acquire, update and use consents information. For example, it is possible to use Privacy Now® as a central repository of information about all the consents. Information about consents can be created and updated manually or interfacing Privacy Now® with external system. See the paragraph Consents Source Details for more information.

Workflow

A new consent can be created using the Add New functionality and choosing "New Consent". Alternatively, a new consent can be automatically acquired or updated by an external system.

A workflow enables to move consents in several statuses as shown in the following picture.

Consents workflow and statuses.


The following table explains the meaning of each status:

Status Description
Default A temporary status when the consent is initially created before the first save.
Valid A consent in this status is valid and its information can be used accordingly.
Wrong email This status is set manually or automatically. It can be set automatically by bulk import from xlsx.
Expired In this status a consent is expired and therefore should be removed.
To be Removed In this status, the consent shall be removed (the status is used to identify consents by the automatic removal procedure).

Information

Consent records are organized in three sections:

  • Identification, where identification data of the consent are recorded,
  • Ownership & Organization, containing the assignment of the key roles enabled to manage the consent;
  • Consent Details, with the details of the consent;

Is possible to select only one consent type and one consent subject for each consent record. When the consent type is selected/updated the following fields could be automatically updated too (check details in table below).

Field Description
Consent Expires At record insert/update: the value of this field will be set to "Yes" if selected consent type Duration (days) is > 0, otherwise "No".
Consent Last Update At record insert/update: The value of this field will be set to current date and time.
First Consent Warning This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in First Warning (days).
Second Consent Warning This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Second Warning (days).
Final Consent Warning This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Third Warning (days).
Retention Deadline This field is updated only if Consent Expires is set to "yes", otherwise not. At record insert/update: The value of this field will be set to current date + days specified in Retention Period (days).

Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.

Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.

Privileges

consent can be automatically created by authorized external systems or by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).

The lifecycle of the consent is managed by the roles described in the table below. groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).

Role Description
DPO Group Members of the group assigned to this role have full privileges. They can:
  • transition records to any compatible status,
  • update fields when possible,
  • update data sources directly in record management.
Data Controller Group Members of the group assigned to this role have view (read) privileges.
Data Processor Group Members of the group assigned to this role have several privileges. They can:
  • transition records to any compatible status,
  • update fields when possible.
Auditors Team Members of the group assigned to this role have view (read) privileges.

However, some steps may be performed automatically (see the paragraph dedicated to warning and alerts).

Warning and alerts

Each consent will be set as an expiring consent or not depending from the property Duration (days) of selected consent type:

  • Duration (days) = 0: in this case the current consent will never expire and no warning will be raised.
  • Duration (days) > 0: in this case the consent consent will expire and will be possible to configure four levels of warning.
Field Description
Code The value of this field shall be an integer and shall be univocal. It is the matching code used by Privacy Now® to automatically acquire consent from external system.
Consent Type The value of this field shall be univocal. It is the name of consent type (i.e.: "Newsletter").
Description Description of consent type.
Duration (days) The value of this field shall be an integer >= 0. It is used by Privacy Now® mainly to set current consent record as expiring consent or not.
First Warning (days) The value of this field shall be an integer >= 0. It will be used to evaluate the first warning threshold in case current consent is an expiring one.
Second Warning (days) The value of this field shall be an integer >= 0. It will be used to evaluate the second warning threshold in case current consent is an expiring one.
Third Warning (days) The value of this field shall be an integer >= 0. It will be used to evaluate the third warning threshold in case current consent is an expiring one.
Retention Period (days) The value of this field shall be an integer >= 0. It will be used to evaluate the last warning threshold in case current consent is an expiring one.
Web Site URL The value of this field will be the URL of front-end web site area to allow the data subject management of their consent (renew or revoke). It will be used in warning email sent by Privacy Now® to data subject in case the below option Send Warning to Data Subject is set to "true"
Send Warning to Data Subject This field shall be set to "true" if consent record for selected consent type shall cause warning sending to data subject too, otherwise the warning will be sent only to receivers set into Settings\Application Settings (see the paragraph dedicated to Consents Warnings Recipients ).

Reports

The list of consents can be filtered and exported to excel format from the view Consents.

Consents Import

Privacy-Now® allows to acquire consents from external source (using structured email or xlsx file).

Consent Mail Structure and Procedure

Privacy-Now® can be connected to a mailbox to acquire consents (see the paragraph dedicated to Consents Source Details).

A consent email shall contain the following parameters (one for each row): some of them are mandatory, while some other optional (check the detailed description of each one). The email format shall be plain text (HTML email will not be processed correctly) and shall not contain any signature.

Each mail shall contain one or more consent. Each consent is manageable only if 3 parameters are present and valorized: Consent_[consent name] , Value_[consent name] and Date_Time_[consent name].

Each consent present in mail will create a new ticket or update an existing ticket in Privacy-Now®. The existence of a consent is matched on Consent_[consent name], Source and the option selected in Data Subject Matching criteria.

Field Description
Source The value of this parameter is mandatory and shall be filled with the consent source (ie: could be the company name or business unit name or web site name). The value of this parameter shall match with the value(s) inserted in Settings/Data Sets/Consents/Consent Sources.
Name The value of this parameter is mandatory. The first name of data subject.
Surname The family name of data subject.
Email The email of data subject.
City The town of data subject.
Province_State The province or state of data subject.
Country The country of data subject.
Phone The phone number of data subject.
User_id The univocal id (integer) of the user corresponding to data subject in consent source (ie: id of user in web site).
Username The univocal login of the user corresponding to data subject in consent source (ie: login of user in web site).
IP_address The ip address used by data subject during web site browsing.
Lang The main language of data subject. Possible values: "en-GB", "it-IT" and "fr-FR".
Consent_[consent name] [consent name] shall be replaced by the name of consent (ie: consent_newseletter). At least one Consent_[consent name] shall exist in the email. The value of this parameter shall be a univocal code corresponding to one of the Code inserted in Settings/Data Sets/Consents/Consent Types.
Value_[consent name] [consent name] shall be replaced by the name of consent (ie: consent_newseletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Value_[consent name] (ie: Value_Newsletter). The value of this parameter shall be "1" (consent given) or "0" (consent denied).
Date_Time_[consent name] [consent name] shall be replaced by the name of consent (ie: consent_newseletter). For each of the Consent_[consent name] defined in the email shall be present a corresponding Date_Time_[consent name] (ie: Date_Time_Newsletter). The value of this parameter shall be the date and time of consent management in web site. It shall be in format dd-mm-yyyy hh:mm:ss .

Example of a well structured email: 

Source:myCompanyName
Name:Jhon
Surname:Smith
Email:jhon.smith@mymail.com
City:myTown
Province_State:myProvince
Country:myCountry
Phone:002235468
User_id:12345
Username:jsmith
IP_address:192.168.1.27
Lang:en-GB
Consent_A:1
Value_A:0
Date_Time_A:12-10-2018 10:14:50
Consent_B:2
Value_B:0
Date_Time_B:12-10-2018 10:14:50
Consent_Newsletter:3
Value_Newsletter:1
Date_Time_Newsletter:12-10-2018 10:14:50

Bulk operations of consent record

Privacy Now® allows the bulk management of consent from Consents\Manage Consents from xlsx.

Import/Update of Consents

Consents bulk import.

File:Consent Import Template.xlsx

The details of expected xlsx structure is explained in following table.

Field Description
Id Univocal Id of Data Subject in Privacy Now®. This field is optional.
Name Name of Data Subject in acquiring system. This field is mandatory.
Surname Surname of Data Subject in acquiring system. This field is mandatory.
Email Email of Data Subject in acquiring system. This field is mandatory.
Phone Phone of Data Subject in acquiring system. This field is optional.
City City of Data Subject in acquiring system. This field is optional.
Province/State Province/State of Data Subject in acquiring system. This field is optional.
Country Country of Data Subject in acquiring system. This field is optional.
Username Login of Data Subject in acquiring system. This field is optional.
Consent Consent Type Code to be granted to imported Data Subject (defined in Privacy Now®). This field is mandatory.
Value Consent Value given by Data Subject for the imported Consent Type. The value could be "1" (consent granted) or "0" (consent not granted). This field is mandatory.
Data consent date. This field is mandatory.
Description record description. This field is optional.
Service Privacy Now® service used as import target. This field is mandatory.
Lang Data Subject selected language. This field is optional.
uid Univocal Id of Data Subject in acquiring system. This field is optional.
Source A key word defining univocally the acquiring system. This field is mandatory.

Removal of consents

A consent can be removed individually from Application Settings.

Update consents in Wrong Email status

TBC

Retrieved from "http://wiki.privacy-now.eu/en/index.php?title=Consents&oldid=681"